26 Companies Driving Boston’s Massive Information Security Cluster

The number of Bay State-based information security companies is impressive – and that’s putting it lightly. The list of these organizations is growing rapidly as new startups launch and spread their roots in Boston. Let’s face it: it’s getting hard to keep track.

That’s why we’ve put together our own compilation of information security companies that call the Boston area home. This list is by no means exhaustive, and organizations are featured in alphabetical order.

As you’ll notice, a lot of the companies on this list are our own BIZZpage customers – meaning that many of them are hiring for multiple positions. Head over to our Job Board to see the latest open roles.

Not on the list? Want to be? Shoot us a note and we’ll add you!


CVE-2016-0728, Practicality, and Going Crazy

A new and very serious Linux kernel exploit affecting Linux kernels 3.8 and later, CVE-2016-0728, was announced today with surprisingly little fanfare.

Perception Point LTD, the company that disclosed the vulnerability, provided an amazing write up which I’ve already linked to. Without going into the questions of responsible disclosure, etc., the write up is one of the very rare ones: professional and succinct, while providing exactly the details needed to understand what is going on.

So why do I find myself surprised that this isn’t more prevalent in the news? This vulnerability, when exploited, effectively gives unrestricted root access and there is no patch available for it yet. The best I can find is a crafty SystemTap patch attached to Red Hat’s bug report on the issue; the fact that PaX/grsecurity unsurprisingly protects against this; and a comment on the sample code indicating that there is a non-default sysctl value that might provide limited protection at the expense of being able to perform some performance analysis as a regular user. SELinux does provide some protection but it can be bypassed, and Perception Point indicates that they’ll even provide write-ups of how they test in follow-up blog posts.

I personally don’t see any harm in recommending that users with an affected kernel set the following sysctl value by running the following command as root, at least until a proper patch is available. As always, please understand changes you make to your systems and don’t trust every blog post.

sysctl -w kernel.kptr_restrict=1
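
A host-side check for the two things this post gives a defender to act on, the affected range (3.8 and later) and the kptr_restrict setting; this is an added example, not code from the post or from Perception Point. It assumes `uname -r` output starts with major.minor, and a release in range does not tell you whether a distribution has since shipped a fix.

```shell
#!/bin/sh
# Added example (not from the post). Reports whether a kernel release falls
# in the range the post names (3.8 and later) and whether the
# kernel.kptr_restrict sysctl it recommends is set.

# kernel_in_range RELEASE: exit 0 if RELEASE (uname -r format) is >= 3.8,
# 1 if older, 2 if unparseable. Assumes the string starts "major.minor".
kernel_in_range() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}          # "10.0-327.el7" -> "10"
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    [ -n "$minor" ] || return 2
    [ "$major" -gt 3 ] && return 0
    [ "$major" -eq 3 ] && [ "$minor" -ge 8 ] && return 0
    return 1
}

# assess RELEASE KPTR: print a one-line finding. KPTR is the content of
# /proc/sys/kernel/kptr_restrict (0 = kernel addresses readable by any user,
# 1 or 2 = hidden from unprivileged users).
assess() {
    rc=0
    kernel_in_range "$1" || rc=$?
    case "$rc" in
        1) echo "kernel $1: older than 3.8"; return 0 ;;
        2) echo "kernel $1: version not recognised"; return 0 ;;
    esac
    case "$2" in
        0)   echo "kernel $1: in range, kptr_restrict=0 (not set)" ;;
        1|2) echo "kernel $1: in range, kptr_restrict=$2 (set)" ;;
        *)   echo "kernel $1: in range, kptr_restrict unreadable" ;;
    esac
}

# Live check, Linux only. The other calls use constructed release strings.
if [ "$(uname -s)" = Linux ]; then
    kptr=$(cat /proc/sys/kernel/kptr_restrict 2>/dev/null) || kptr=unknown
    assess "$(uname -r)" "$kptr"
fi
assess "3.10.0-327.el7.x86_64" 0   # constructed: 3.10 must sort after 3.8
assess "3.2.0-4-amd64" 0           # constructed: predates 3.8
```

`sysctl -w` changes only the running kernel; to keep the value across reboots, also put `kernel.kptr_restrict = 1` in a file under /etc/sysctl.d/.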

There is one side of these kinds of vulnerabilities that I don’t see discussed very much in the security industry: practicality of using the attack. When I personally consider exploits like these, I like to think about a couple of different categories, which in my mind map to how they’ll be used. Is it a local or remote vulnerability? How reliable is it? How easy would it be to modify to execute any other arbitrary code? What privileges will my new code have? How likely is it to be patched on a system?

Some of these questions I’ve already answered: the exploit gives full root access, and there is a very small chance that a target is protected against it. As to reliability, the proof of concept code released with the write up works scarily well, though it takes time and resources (about half an hour when I tested it in a virtual machine) and I have yet to see it fail. There also doesn’t appear to be any restriction on the code you’re able to execute with those privileges.

The one redeeming feature of this exploit – and probably why people are not going as crazy over this as some other recent named vulnerabilities – is that it requires getting the code to run as an already legitimate user. In the parlance of our industry, it is exclusively a privilege escalation vulnerability.

There are a lot of applications out there now running on a matching kernel, and unless you really read that write up you may miss it. This exploit affects Android 4.4 and later. There doesn’t seem to be a working PoC for Android yet but people are already trying to test it and there is nothing special about the Android kernel that will prevent it.

Automatic Detection and Enhanced Alerting on the Wireless and Wired Devices Currently Putting Your Network at Risk

Pwnie Express’ Pwn Pulse™ Delivers Device Protection To Detect the Phone or the Drone, with Risk Analysis Reports Even The Board Can Understand

Boston, MA – January 19, 2016 – IT security teams are working to understand and see all the wireless and wired devices that are on and even around their network. The ability to visualize, fingerprint, and analyze the behavior of these devices is critical for threat detection, BYOD policy enforcement, remote vulnerability assessment, resource inventory management, bandwidth optimization, and more.  Today, Pwnie Express introduced new and updated real-time, automatic detection capabilities to help IT security teams pinpoint and report on the specific wired or wireless devices on or around their networks that are putting their organization at risk – whether it be potential drones, misconfigured phones, open ports, card skimmers, or unauthorized Bluetooth-enabled devices.

The Pwn Pulse SaaS Platform provides comprehensive visibility and real-time reporting, giving IT security teams the granular device intelligence needed to prioritize security response, such as device type, operating system, MAC address, device connection history, etc. By automating 30+ new rules in addition to existing built-in rules and alerts, Pwn Pulse allows organizations to “set them and forget them,” by continuously monitoring and providing real-time alerts and daily trend reports on the metrics that matter most. By seamlessly integrating with SIEM/WIPS systems, Pwn Pulse also enables the implementation of real-time remediation efforts, such as helping organizations quickly “track and disable” the devices posing threats to the organization.

This enhanced Pwn Pulse functionality helps to address a number of key business challenges organizations face, including:

  • Trend Analysis: Pwn Pulse trend reports are easy for non-technical users to understand, and give organizations a high-level view of their overall device landscape. This helps businesses to determine threat levels based on numbers of rogue or misconfigured devices on or near the network over time, and also correlate time periods to prepare for future spikes in device use (e.g., the surge in new employee-owned devices after the holiday season).
  • BYOD Policy Creation and Enforcement: By providing ongoing trend analysis of the overall device landscape, Pwn Pulse helps organizations to create or fine-tune BYOD programs that possess the critical and comprehensive visibility needed to effectively enforce policies.
  • Enterprise Resource Allocation and Inventory Management: By continuously monitoring and reporting on all devices in and around the network, large organizations can more effectively determine resource needs – such as whether or not a business division actually requires two new printers when they already have 10 – and continuously manage inventory.
  • Customized Reporting: Every organization is unique. Pwn Pulse gives organizations the option of custom-building their own rules and reports, which can be easily updated and modified over time based on user input.

“Organizations from around the world have deployed our Pwn Pulse SaaS platform to detect rogue, misconfigured, and unauthorized devices across wired and wireless spectrums and achieve visibility across their distributed and often global network,” said Edwin Marin, Vice President of Engineering, Pwnie Express. “Our collaborative relationship with our customers has fueled the continued evolution of our product line. Based on their valuable feedback, we’ve taken the platform to the next level by automatically detecting the devices creating the most risk to an organization at any point in time.  Within minutes of deployment, Pwnie’s new alerting capabilities immediately show not only the purpose of the features, but also the direct value.”

About Pwn Pulse

Pwn Pulse continuously detects all of the devices putting an organization’s workplace at risk. The SaaS platform detects devices connected to or even around a network, helping to replace legacy, expensive, on-site, manual point-in-time assessments. Pwn Pulse finds unidentified, open attack paths including: mobile phones, Wi-Fi Printers, Access Points, Smart Devices, and more, while working to amplify an organization’s existing IT and security tools, people, and workflow.

Enhanced reporting functionality will be generally available at the end of the first quarter of 2016.

About Pwnie Express

Pwnie Express provides threat detection of the billions of devices in and around your workplace. By automating wireless and wired device detection, Pwnie solutions continuously detect the devices on or around your network that are open pathways for attackers. Pwnie arms your security team to win the BYOD battle with the ability to detect and fingerprint any device, from phone to thermostat, in order to prioritize your security response, reduce alert fatigue, and provide situational intelligence. See all the things you’re missing at pwnieexpress.com or @PwnieExpress.

Hooyah! The Challenge of BYOD Policy Enforcement in the Navy and In Your Organization

I have been off the boat (former submariner) for a few years now, but every now and again I find myself browsing the U.S. Navy’s public website to see who got promoted and to check out the new policies heading to the fleet. Last week, I saw a NAVADMIN (a formal Navy Administration Memo, for those not in the service) with the subject USE OF UNCLASSIFIED NAVY AND MARINE CORPS INTRANET LAPTOPS WITH EMBEDDED WIRELESS (NAVADMIN 290/15). The message goes on to present a new formal policy for a problem facing many organizations – protecting critical data and systems from the ever-growing swarms of wireless devices.

With a tradition of tech heroes like Grace Hopper and Hyman Rickover, the U.S. Navy has a proud history of being an innovator and early adopter of technology (Hooyah!). From the early days of software, through nuclear propulsion reactors and advanced weapons systems and satellites, the Navy has tackled the most challenging of technical problems. This history makes it particularly interesting to see how such a large and structured organization is tackling the proliferation of web-enabled devices.

In short, the policy states that devices issued for use on UNCLASSIFIED systems, when used in areas with sensitive networks and operations, must have the WiFi turned off by the operator. The onus is on the device owner to remember that they must disable wireless capabilities prior to entering these areas (of which the Navy has many), and re-enable when they are in an appropriate area.

But here’s the thing: relying on humans to remember to turn off WiFi will be challenging. It’s even a significant challenge when you have well-trained and loyal sailors legally bound to follow your orders. So the question must be asked: how do you enforce this type of policy? The memo goes on to tease some additional measures for “detection/jamming” on the horizon so that the policy can be properly enforced, though specifics aren’t offered at this time.

Sound familiar? It should, because this is not just a problem for the military. Every organization has sensitive data and critical infrastructure that needs to be protected – and your “sailors” are not legally bound to follow orders. You might even have something similar in your enterprise, where you have a BYOD or IoT policy that states WiFi should be disabled or even that certain devices are not allowed onto the WiFi network. Two stats are telling: While 74% of organizations permit or plan to permit BYOD, 30% of those with a BYOD policy in place have no way to enforce it or simply rely on the honor system.

Now, ask yourself, how will your organization develop and enforce policies to mitigate risk and protect your important assets in 2016? Let us know below.

Pwn Pulse Now Available In Europe: EU Workplaces Gain Full Visibility Into the Connected Devices Posing Threats To Their Networks For the First Time

With the rise in connected devices around the world, organizations globally need to better understand the threat of connected devices in and around their workplaces. In fact, according to the ISACA European 2015 IT Risk/Reward Barometer, 70 percent of European business and IT professionals consider it a medium to high likelihood that a company will be hacked through an internet-connected device. As bring your own device (BYOD) and Internet of Things (IoT) devices continue to proliferate in workplaces across the EU, 51 percent believe their IT department is not aware of all of the connected devices within the organization, and one in three do not have a policy in place to address BYOD at all – let alone discover and analyze the multitude of devices in and around their networks. These devices can be inherently malicious or can be used as gateways into the networks of these organizations, including critical networks used by utilities, financial institutions, government organizations, and others.

Our Pwn Pulse SaaS platform continues to gain recognition for its unique ability to detect and fingerprint rogue, misconfigured, and unauthorized devices on and around workplace networks – driving increased global demand. Today, we are proud to announce the European availability of our device detection platform, to help EU organizations protect their critical business infrastructure while preserving data privacy. With Pulse, European organizations can now detect all of the things – from phones and printers to malicious access points – across wired and wireless spectrums. This gives security teams full visibility of all devices, and enables real-time analysis and auditing of each device to determine which are rogue, misconfigured, or unauthorized. This helps them to prioritize security response, reduce alert fatigue, and provide situational intelligence to implement real-time remediation.

As part of this new offering, and as a committed, trusted security partner, we have deployed an on-continent instance of Pwn Pulse to meet newly heightened customer data policies as dictated by the EU. 

 

You can read full details of today’s announcement HERE.

Are you a European company interested in learning more about Pwnie Pulse? Contact us at sales@pwnieexpress.com

For The First Time, EU Workplaces Gain Full Visibility Into the Connected Devices Posing Threats To Their Networks

Pwnie Express Launches Pwn Pulse SaaS Platform in Europe to Automatically Detect the Wireless and Wired Devices Putting European Businesses and Critical Infrastructure at Risk

BOSTON, MA–(Marketwired – Jan 5, 2016) – Pwnie Express, providers of real-time threat detection of all the wireless and wired devices in and around workplaces, today announced European availability of its Pwn Pulse SaaS platform. European organizations can now detect rogue, misconfigured, and unauthorized devices, from phones and printers to malicious access points, across wired and wireless spectrums. Visibility from Pwn Pulse helps European companies more comprehensively protect critical business infrastructure while preserving data privacy.

Demand for Wireless/Wired Device Detection Fuels Pwnie Express Growth
According to the ISACA European 2015 IT Risk/Reward Barometer, 70 percent of European business and IT professionals consider it a medium to high likelihood that a company will be hacked through an internet-connected device. As bring your own device (BYOD) and Internet of Things (IoT) devices continue to proliferate in workplaces across the EU, 51 percent believe their IT department is not aware of all of the connected devices within the organization, and one in three do not have a policy in place to address BYOD at all — let alone discover and analyze the multitude of devices in and around their networks. These devices can be inherently malicious or can be used as gateways into the networks of these organizations, including critical networks used by utilities, financial institutions, government organizations, and others.

Committed to ensuring the highest level of customer data privacy, Pwnie Express has deployed an on-continent instance of Pwn Pulse to meet newly heightened customer data policies as dictated by the EU. Pwnie Express, as a committed trusted security partner, has instituted the capability to store all EU customer data exclusively in the EU. This helps European organizations further reduce privacy risks while helping to ensure regulatory compliance.

Pwnie CEO: “The unique ability to detect and fingerprint these devices is driving global demand for Pwnie’s device detection platform.”

“With the rise in connected devices around the world, organizations globally need to better understand the threat of connected devices in, and around, their organizations,” said Paul Paget, CEO, Pwnie Express. “It starts with full visibility of all the devices and then real-time analysis and auditing of each device to determine which are rogue, misconfigured, or unauthorized. Pwn Pulse was purpose-built to help security teams not only detect and monitor these devices, but then prioritize security response, reduce alert fatigue, and provide situational intelligence to implement real-time remediation.”

About Pwnie Express
Pwnie Express provides threat detection of the billions of wireless and wired devices in and around your workplace. By automating wireless and wired device detection, Pwnie solutions continuously detect the devices on or around your network that are open pathways for attackers. Pwnie arms your security team to win the BYOD battle with the ability to detect and fingerprint any device, from phone to thermostat, in order to prioritize your security response, reduce alert fatigue, and provide situational intelligence. See all the things you’re missing at pwnieexpress.com or @PwnieExpress.